From: Harald Freudenberger <freude@linux.ibm.com>
To: richard.henderson@linaro.org, iii@linux.ibm.com,
david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, fcallies@linux.ibm.com,
cohuck@redhat.com
Subject: [PATCH v12 10/17] target/s390x: Base support for cpacf protected keys and pckmo
Date: Fri, 10 Jul 2026 17:28:56 +0200 [thread overview]
Message-ID: <20260710152906.80207-11-freude@linux.ibm.com> (raw)
In-Reply-To: <20260710152906.80207-1-freude@linux.ibm.com>
Add base support for cpacf protected key handling.
Add support for the pckmo subfunctions PCKMO-Encrypt-AES-128-Key,
PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key which deal
with protected keys. These pckmo subfunctions derive a protected key
from an AES clear key by encrypting it with an internal AES wrapping
key. More details about protected keys can be found in the
"z/Architecture Prinziples of Operation" document.
The qemu version provided here is only a fake intended to make
protected key available for developing and testing purpose:
* The protected key is 'derived' from the clear key by xoring
the fixed pattern 0xAAAA... onto the key value.
* The AES Wrapping Key Verification Pattern is a fixed
value of 32 bytes 0xFACEFACE...
Add preprocessor defines for the xor pattern and wkvp used to
construct ('encrypt') a protected key from a clear key value with
this implementation. Also add some static functions to 'encrypt'
from clear key to protected key and 'decrypt' back to cpacf_aes.c.
The preprocessor defines shall be used later in testcases to
construct and decode protected keys.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Tested-by: Holger Dengler <dengler@linux.ibm.com>
---
target/s390x/gen-features.c | 3 ++
target/s390x/tcg/cpacf.h | 29 +++++++++++++++
target/s390x/tcg/cpacf_aes.c | 64 ++++++++++++++++++++++++++++++++
target/s390x/tcg/crypto_helper.c | 21 +++++++++++
target/s390x/tcg/translate.c | 9 ++++-
5 files changed, 124 insertions(+), 2 deletions(-)
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 078aeddb36..c5fd578d92 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -935,6 +935,9 @@ static uint16_t qemu_MAX[] = {
S390_FEAT_KMCTR_AES_256,
S390_FEAT_PCC_XTS_AES_128,
S390_FEAT_PCC_XTS_AES_256,
+ S390_FEAT_PCKMO_AES_128,
+ S390_FEAT_PCKMO_AES_192,
+ S390_FEAT_PCKMO_AES_256,
};
/****** END FEATURE DEFS ******/
diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h
index 61ce71476b..1d7d9baf0c 100644
--- a/target/s390x/tcg/cpacf.h
+++ b/target/s390x/tcg/cpacf.h
@@ -254,4 +254,33 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
uint64_t *src_ptr_reg, uint64_t *src_len_reg,
uint32_t type, uint8_t fc, uint8_t mod);
+/*
+ * Support for protected key cpacf functions. Note that this is
+ * a fake implementation intended for debugging and development.
+ * Do not use for production load !
+ */
+
+/*
+ * Hard coded pattern xored with the AES clear key
+ * to 'produce' the protected key.
+ */
+#define PROTKEY_XOR_PATTERN { \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }
+
+/*
+ * Hard coded wkvp ("Wrapping Key Verification Pattern")
+ */
+#define PROTKEY_WKVP { \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E }
+
+/* from cpacf_aes.c */
+int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint64_t param_addr, uint8_t fc);
+
#endif /* S390X_CPACF_H */
diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c
index 13d5cdff42..bc92884ff9 100644
--- a/target/s390x/tcg/cpacf_aes.c
+++ b/target/s390x/tcg/cpacf_aes.c
@@ -418,3 +418,67 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
return !len ? 0 : 3;
}
+
+/*
+ * Support for protected key cpacf functions. Note that this is
+ * a fake implementation intended for debugging and development.
+ * Do not use for production load !
+ */
+
+/*
+ * Hard coded pattern xored with the AES clear key
+ * to 'produce' the protected key.
+ */
+static const uint8_t protkey_xor_pattern[32] = PROTKEY_XOR_PATTERN;
+
+/*
+ * Hard coded wkvp ("Wrapping Key Verification Pattern")
+ */
+static const uint8_t protkey_wkvp[32] = PROTKEY_WKVP;
+
+/*
+ * 'encrypt' the clear key value into a protected key
+ * by xor-ing the protkey_xor_pattern onto it.
+ */
+static void encrypt_clrkey(uint8_t *key, int keysize)
+{
+ for (int i = 0; i < keysize; i++) {
+ key[i] ^= protkey_xor_pattern[i];
+ }
+}
+
+int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint64_t param_addr, uint8_t fc)
+{
+ uint8_t key[32];
+ int keysize;
+
+ switch (fc) {
+ case CPACF_PCKMO_ENC_AES_128_KEY:
+ keysize = 16;
+ break;
+ case CPACF_PCKMO_ENC_AES_192_KEY:
+ keysize = 24;
+ break;
+ case CPACF_PCKMO_ENC_AES_256_KEY:
+ keysize = 32;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ /* fetch key from param block */
+ copy_from_guest_wrap(env, mmu_idx, ra, param_addr, key, keysize);
+
+ /* 'derive' the protected key from the clear key */
+ encrypt_clrkey(key, keysize);
+
+ /* store the protected key into param block */
+ copy_to_guest_wrap(env, mmu_idx, ra, param_addr, key, keysize);
+ /* followed by the fake wkvp */
+ copy_to_guest_wrap(env, mmu_idx, ra,
+ param_addr + keysize,
+ protkey_wkvp, sizeof(protkey_wkvp));
+
+ return 0;
+}
diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_helper.c
index 564f7fa243..08151e916f 100644
--- a/target/s390x/tcg/crypto_helper.c
+++ b/target/s390x/tcg/crypto_helper.c
@@ -192,6 +192,24 @@ static int cpacf_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
return rc;
}
+static int cpacf_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint8_t fc)
+{
+ int rc = 0;
+
+ switch (fc) {
+ case CPACF_PCKMO_ENC_AES_128_KEY:
+ case CPACF_PCKMO_ENC_AES_192_KEY:
+ case CPACF_PCKMO_ENC_AES_256_KEY:
+ rc = cpacf_aes_pckmo(env, mmu_idx, ra, env->regs[1], fc);
+ break;
+ default:
+ tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ }
+
+ return rc;
+}
+
uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3,
uint32_t type)
{
@@ -251,6 +269,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3,
case S390_FEAT_TYPE_PCC:
rc = cpacf_pcc(env, mmu_idx, ra, fc);
break;
+ case S390_FEAT_TYPE_PCKMO:
+ rc = cpacf_pckmo(env, mmu_idx, ra, fc);
+ break;
case S390_FEAT_TYPE_PPNO:
rc = cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc);
break;
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index cef1b55149..d7a99e6c1e 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -2558,6 +2558,7 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps *o)
int r2 = have_field(s, r2) ? get_field(s, r2) : 0;
int r3 = have_field(s, r3) ? get_field(s, r3) : 0;
TCGv_i32 t_r1, t_r2, t_r3, type;
+ bool update_cc = true;
switch (s->insn->data) {
case S390_FEAT_TYPE_KMA:
@@ -2589,8 +2590,10 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps *o)
gen_program_exception(s, PGM_SPECIFICATION);
return DISAS_NORETURN;
}
- /* FALL THROUGH */
+ break;
case S390_FEAT_TYPE_PCKMO:
+ update_cc = false;
+ /* FALL THROUGH */
case S390_FEAT_TYPE_PCC:
case S390_FEAT_TYPE_KDSA:
break;
@@ -2603,7 +2606,9 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps *o)
t_r3 = tcg_constant_i32(r3);
type = tcg_constant_i32(s->insn->data);
gen_helper_msa(cc_op, tcg_env, t_r1, t_r2, t_r3, type);
- set_cc_static(s);
+ if (update_cc) {
+ set_cc_static(s);
+ }
return DISAS_NEXT;
}
--
2.43.0
next prev parent reply other threads:[~2026-07-10 15:29 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-10 15:28 [PATCH v12 00/17] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 01/17] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 02/17] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 03/17] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 04/17] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-14 11:45 ` Ilya Leoshkevich
2026-07-14 14:16 ` Daniel P. Berrangé
2026-07-10 15:28 ` [PATCH v12 05/17] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-14 11:49 ` Ilya Leoshkevich
2026-07-10 15:28 ` [PATCH v12 06/17] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 07/17] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 08/17] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 09/17] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-10 15:28 ` Harald Freudenberger [this message]
2026-07-10 15:28 ` [PATCH v12 11/17] target/s390x: Support protected key AES ECB " Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 12/17] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 13/17] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-10 15:29 ` [PATCH v12 14/17] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-10 15:29 ` [PATCH v12 15/17] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-10 15:29 ` [PATCH v12 16/17] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-14 12:07 ` Ilya Leoshkevich
2026-07-10 15:29 ` [PATCH v12 17/17] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger
2026-07-14 12:01 ` Ilya Leoshkevich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260710152906.80207-11-freude@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.